In U.S. Pat. No. 4,827,508 to Shear, or U.S. Pat. No. 5,010,571 to Katznelson, a system for metering the access to encrypted data in a CD ROM database is disclosed. Briefly, in Shear or Katznelson, a CD ROM containing an encrypted database of interest to a user is distributed typically at nominal cost or at no cost. The user terminal includes a CD ROM reader, and a remote cryptographic control unit which is provided with stored cryptographic keys needed to access to the database. The amount of actual data use, i.e. the retrieval and decryption of data from the CD ROM, is metered locally and recorded as a stored data usage record. The charge for data access may be either in accordance with the amount of data decrypted, or in accordance with price information recorded in the respective data headers of each individual data packet.
The local stored data usage record is reported (uploaded) by telephone modem (or other telecommunications link) from tile remote user terminal to a cryptographic operations center. Each remote cryptographic control unit has a stored user secret key, unique to that user terminal. Communication between the user terminal and the cryptographic operations center is protected by encryption under the user secret key, which is stored in a secure memory in the cryptographic control unit. The user secret key for each user is also stored in the cryptographic operations center. When a remote user terminal calls in and identifies itself, the cryptographic operations center looks up the corresponding user secret cryptographic user key, which is then used to secure the subsequent communication data exchange between the remote user terminal and the cryptographic operations center. Also stored in the cryptographic operations center are the various cryptographic keys corresponding to the available CD ROM database titles. The user secret key is also used to secure the delivery of secret database keys from the cryptographic operations center to the user terminal for a desired CD ROM database.
As indicated, the remote cryptographic control unit reports data usage by telephone modem. After the data usage report is successfully uploaded to the cryptographic operations center, the user is then billed for the actual database usage based on the content of the uploaded data usage report. Thus, rather than being required to purchase an entire CD ROM database, the user pays only for the amount of data actually used or decrypted from the CD ROM.
Typically, the remote cryptographic control unit in the user terminal contains a credit register. The credit register limits the amount of data which may be decrypted before requiring a usage data report to be uploaded to the cryptographic operations center. For each data purchase recorded in the data usage record, a debit is made from the credit register. The purpose of the credit register is to prevent unlimited access to the database without reporting and paying for data usage. If the available credit is exhausted, no further data decryption is allowed until the past data usage record is reported by the user terminal to the cryptographic operations center, and a new amount of credit is then downloaded to the user terminal.
The data communication channel by telephone modem between the user terminal and the cryptographic operations center is presumed not to be secure against electronic eavesdroppers who may record and study data exchanges. Therefore, the uploaded data usage report, and the downloaded credit transaction functions are system features subject to attack by pirates to avoid payment. For example, a pirate might attempt to record and later repeat the previous transmissions of either the user terminal or the cryptographic operations center (also known as an echo attack). That is, a pirate might simulate the cryptographic operations center, i.e. act as imposter, to download fresh credit to the user terminal. In another form of attack, the pirate might simulate the output of the remote user terminal in order to transmit a false record of usage data to the cryptographic operations center. Therefore, it is critical that both the remote cryptographic control unit in the user terminal, and the cryptographic operations center, accurately authenticate messages from each other before any data usage records are uploaded and committed, or any credit authorization is downloaded, or data of any other kind is exchanged and acted upon.